[ppml] Policy Proposal: Modification to Reverse Mapping Policy

David Schwartz davids at webmaster.com
Thu Sep 13 04:37:14 EDT 2007


Dean Anderson wrote:

> This proposal is misguided since it decides lameness on a per-nameserver
> basis rather than a per zone basis.

Certainly a resolver should be able to go to any listed nameserver and get
the right answer.

> A DNS zone is working if even one nameserver responds to queries for
> that zone.

Sure, and a hosting machine is working even if it's spewing spam to innocent
victims. But we don't enable such machines to do so because they impose
unfair costs on others.

I will try all the nameservers listed for your zone out of robustness. If
you have an operational problem and only some of your nameservers work, I
still want to be able to reach you. But you forcing me to use more than one
nameserver *intentionally* imposes time and bandwidth costs on human beings
that are not part of the DNS deal. It's a wrong for the same reason spam is,
though a lesser one.

> It doesn't matter if a nameserver serves multiple zones, some of which
> it actually is configured to serve, and thus is not lame for some zones.
> Nor does it matter if a nameserver serves multiple zones, and does not
> respond for any of those zones.

Doesn't matter to who for what reason? It matters to a human being who is
waiting for a reply so they can do something.

> The current policy properly identifies lameness by zone, and removes
> delegation records when the _zone_ is lame. A zone is only lame when
> _no_ nameservers respond to queries for that zone.  In that case, ARIN
> can, after appropriate steps, remove delegation records.  The current
> policy is proper so that ARIN nameservers can give out NXDomain
> responses (which are also cached) for those zones that won't be
> supported anyway.

Why should ARIN give out referrals to servers that *intentionally* time out?
Why should ARIN be a party in wasting other people's time and resources?

> However, if even one nameserver responds for a zone, there is no reason
> for ARIN to take any steps at all: The zone is not lame.  It is not
> ARIN's responsibility to monitor the uptime of all delegated nameservers,
> or otherwise ensure that all nameservers are working for a zone, or for
> any group of zones.  There is no harm to ARIN if the zone is not lame,
> but some of the nameservers for that zone are not working.

There is no harm to ARIN, but ARIN is facilitating harm to others. How would
you feel if ARIN added one of your nameservers as a secondary for every
single zone? There would be no harm to ARIN, and the zones wouldn't be lame.
You are saying ARIN staff should have no authority to end this abuse?

> If some other group wants to monitor nameservers and report failures,
> that is up to them. But monitoring nameservers isn't a task that belongs
> to ARIN, beyond the issue of zone lameness.
> Therefore, this policy should not be accepted.

That I agree with. This is a really bad policy. However, a policy that
*permits* ARIN to act in cases where lame delegations or sub-delegations are
actually unfairly imposing costs to complaining human beings and ARIN's
delegations are facilitating it is another story.

If someone asks where the Post Office is, you can tell them nothing or you
can tell them where the Post Office is. Giving them a list of Post Office
addresses, some of which contain Post Offices and some of which don't is
simply not acceptable. It's not your fault if you tell him where the Post
Office is and it's closed, but it is your fault if you tell him where a Post
Office is that has been closed for months and you knew it was closed.

DS





